
REMARKS 

The Examiner is thanked for the performance of a thorough search. 

By this amendment, Claim 10 has been amended. No claims have been added or 
cancelled. Hence, Claims 1-24 are pending in the application. 

As a preliminary matter, receipt of the Notice of Draftsperson's Patent Drawing Review is 
acknowledged. Applicant recognizes that the present drawings are acceptable for examination 
purposes only. Formal drawings will be submitted after completion of the examination process 
upon the issuance of a Notice of Allowance. 

SUMMARY OF THE REJECTIONS/OBJECTIONS 

Claim 10 is objected to because a limitation lacks antecedent basis. In response, Claim 
10 has been amended. It is respectfully submitted that Claim 10 as amended does not contain a 
limitation that lacks antecedent basis. Withdrawal of the objection and reconsideration of Claim 
10 is requested. 

Claims 1, 10 and 19 are rejected under 35 U.S.C. 102(e) as being anticipated by U.S. 
Patent No. 5,758,153, issued to Bryan P. Atsatt, et al. on May 26, 1998 ("Atsatt"). These 
rejections are respectfully traversed. 

Claims 2-9, 11-18 and 20-24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Atsatt. These rejections are respectfully traversed. 

ATSATT 

Atsatt describes an object oriented framework for a file system. Specifically, Atsatt 
describes classes used to define files, directories, and users (Column 11, lines 17-27, Column 16, 
line 1, Column 18, line 14, Column 12, lines 25-29, Column 25, lines 29-57). Access to files in 
the file system is controlled through the use of protection domains. The protection domains are 
associated with users. 

Most operating systems provide a further level of protection for file system 
entities called protection domains. A protection domain is defined as a set of 
{Object, Rights} pairs. For a file system, the objects are the file system entities 
and the rights are read, write, execute, etc. An example of a file system 
protection domain is shown in FIG. 3B. Domain1 10 has read access to File1 
and read/write access to File2, Domain2 12 has read/execute access to File3 and 
read access to File4, Domain3 14 has read access to File4 and read/write access 
to File5. 

In a file system, the protection domains are represented as a user or a group. 
(Copy from Column nine, lines 40-49). 

The authorization to perform a particular action (e.g., right to access a file) is herein 
referred to as a permission. Thus, a set of permissions is a protection domain. 

When a user logs in and is authenticated, an object is created to represent the user. The 
object is an instantiation of the class TCredentials. Before the user is allowed to access a file, a 
lookup is performed on an ACL file. (Column 12, lines 21-40). The ACL file associates 
principals, i.e. users, with permissions. (Column 12, lines 33-43; Column 25, lines 58-65; 
Column 26, lines 10-20). Thus, the ACL associates protection domains with TCredentials 
objects, or in other words, with instances of the TCredentials class. 



CLAIM 1 

Claim 1 recites: 

establishing an association between said one or more protection domains 
and one or more classes of one or more objects; and 

determining whether an action requested by a particular object is permitted 
based on said association between said one or more protection 
domains and said one or more classes. 

A fundamental difference between the invention recited in Claim 1 and Atsatt may be 
summarized as follows: 

In Claim 1: protection domains are associated with classes of objects. 

In Atsatt: protection domains are associated with users (which are internally 
represented by objects that are instances of the class TCredentials). 

On a practical level, the significance of this difference is profound and fundamental. For 
example, because Atsatt associates protection domains with users, and all users are represented 
by objects that are instances of the same class, the class associated with an object cannot possibly 
be a factor in deciding what permissions an object has. 

Atsatt does not describe or in any way suggest a system that associates protection 
domains and object classes. In fact, it would be impossible to create a workable security system 
by combining a system that associates protection domains with object classes (as required by 
Claim 1) and the system described by Atsatt. Specifically, a workable security system must be 
able to provide different permissions to different users. In Atsatt, all users are represented by 
objects of the class TCredentials. If protection domains were associated with the class 
TCredentials, then all users would be associated with the same protection domain (the protection 
domain associated with the class TCredentials). Consequently, the same set of permissions 
(those permissions that would be associated with the class TCredentials) would apply to all users. 
Consequently, it would not be possible to establish different permissions for different users. 
Because Atsatt's use of protection domains is antithetical to the use recited in Claim 1, Atsatt 
effectively teaches away from associating classes with protection domains. 

The Office Action identified various sections of Atsatt to support the assertion that Atsatt 
discloses the limitations of Claim 1. It is respectfully submitted that none of the identified 
sections disclose the limitations of Claim 1. Each identified section shall now be addressed. 

Figure 1: Figure 1 of Atsatt is a block diagram of a generic computer system, and teaches 
nothing about any of the limitations of Claim 1. 

The Abstract: The Abstract merely mentions that the file system is object oriented, and 
like all object-oriented systems has classes whose properties and methods can be extended. The 
Abstract also states that protection domains are used to protect against unauthorized access, but 
does not contain any details about how protection domains are used. As explained above, the 
Specification of Atsatt clearly explains that protection domains are used in a fundamentally 
different way than the way recited in Claim 1. 

Column 5, lines 23-25: In this section, Atsatt explains that Files, which are instances of 
the File Class, may include properties that specify permissions. As with all conventional file 
systems, Atsatt allows these file access permissions (e.g. read only, read/write, etc.) to be 
established on a per-file basis using these properties. Again, the per-object permission scheme 
thus taught by Atsatt is directly contrary to the idea of associating protection domains with object 
classes. 

Column 9, lines 39-59: This is the section of Atsatt that explains what protection domains 
are, and further explains that in Atsatt's system protection domains are associated with users and 
groups (not object classes). 

Because Atsatt not only fails to describe protection domains that are associated with 
classes, but teaches away from associating protection domains with classes, Atsatt fails to 
disclose or suggest in any way the limitations of Claim 1. Therefore, it is respectfully submitted 
that Claim 1 is patentable. Withdrawal of the rejection with respect to and allowance of Claim 1 
is respectfully requested. 



CLAIMS 2-6 

Claims 2-6 depend on Claim 1, and contain all the limitations of Claim 1. Therefore, 
Claims 2-6 are patentable for at least those reasons given with respect to Claim 1. In addition, 
each of Claims 2-6 contains limitations that independently render them patentable. 

For example, Claim 2 recites: 

at least one protection domain of said one or more protection domains is 
associated with a code identifier; 

at least one class of said one or more classes is associated with said code 
identifier; and 

the step of establishing an association between said one or more protection 
domains and said one or more classes of one or more objects further 
includes the step of associating said one or more protection domains 
and said one or more classes based on said code identifier. 

As discussed with respect to Claim 1, Atsatt does not disclose or suggest in any way 
classes that are associated with protection domains, let alone classes and protection domains that 
are associated based on a code identifier. 

CLAIM 7 

Claim 7 recites: 

establishing an association between said one or more protection domains 
and one or more sources of code; and 

in response to executing code making a request to perform an action, 
determining whether said request is permitted based on a source of said code 
making said request and said association between said one or more 
protection domains and said one or more sources of code. 

Atsatt describes users that are associated with protection domains, and objects that are 
used to represent the users. However, Atsatt does not disclose sources of code that are associated 
with permissions. Therefore, Atsatt cannot disclose or suggest in any way determining whether a 
request is permitted based on an association between source code and protection domains. 

Claims 8 and 9 depend on Claim 7, and contain all the limitations of Claim 7. Therefore, 
Claims 8 and 9 are patentable for at least those reasons given with respect to Claim 7. In 
addition, Claims 8 and 9 recite limitations that independently render them patentable. 

For example, Claim 8 recites: 

establishing an association between said one or more protection domains 
and said one or more sources of code and one or more keys associated with 
said one or more sources of code. 

For reasons similar to those discussed with respect to Claim 7, Atsatt does not establish an 
association between protection domains and sources of code, let alone between protection domains and 
sources of code and keys (e.g., cryptographic keys). 

CLAIMS 10-18 

Claims 10-18 contain limitations that mirror limitations of Claims 1-9, respectively. 
Therefore, Claims 10-18 are patentable for at least those reasons given with respect to Claims 1- 
9, respectively. 

CLAIMS 19-24 

Claim 19 recites: 

a domain mapping object stored in said memory, said domain mapping 
object establishing an association between said one or more 
protection domains and one or more classes of one or more 
objects; and 

said processor being configured to determine whether an action requested 
by a particular object is permitted based on said association between 
said one or more protection domains and said one or more classes. 

For reasons similar to those discussed with respect to Claim 1, Atsatt does not disclose or 
suggest in any way protection domains that are associated with classes, let alone a processor 
configured to determine whether an action requested by an object is permitted based on an 
association between protection domains and classes. 

Claims 20-24 depend on Claim 19, and contain all the limitations of Claim 19. 
Therefore, Claims 20-24 are patentable for at least those reasons given with respect to Claim 19. 
The patentability of Claims 20-24 will therefore not be further addressed. 

For the reasons set forth above, it is respectfully submitted that all of the pending claims 
are now in condition for allowance. Therefore, the issuance of a formal Notice of Allowance is 
believed next in order, and that action is most earnestly solicited. 

The Examiner is respectfully requested to contact the undersigned by telephone if it is 
believed that such contact would further the examination of the present application. 

Please charge any shortages or credit any overages to Deposit Account No. 50-0385. 



Respectfully submitted, 



McDERMOTT, WILL & EMERY 





Brian D. Hickman 
Reg. No. 35,894 



(408) 271-2300 
600 13th Street, N.W. 
Washington, DC 20005-3096 



Certificate of Mailing 



I hereby certify that this correspondence is 
being deposited with the United States Postal Service as 
first class mail in an envelope addressed to: 
Assistant Commissioner for Patents, 